diff --git a/debian/README.Debian b/debian/README.Debian index 62816255..34303403 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -66,7 +66,7 @@ actionstop = iptables -D -j iptables -D -m state --state NEW -p --dport -j fail2ban- iptables -F fail2ban- iptables -X fail2ban- -actioncheck = iptables -L | grep -q fail2ban- +actioncheck = iptables -n -L | grep -q fail2ban- actionban = iptables -I fail2ban- 1 -s -j DROP actionunban = iptables -D fail2ban- -s -j DROP [Init] diff --git a/debian/changelog b/debian/changelog index d71895e9..6571b563 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +fail2ban (0.7.6-3) unstable; urgency=low + + * Synchronized action.d/iptables-* rules from upstream SVN (closes: + #407561) + * Minor: options renames in the comments to be in sync with upstream + + -- Yaroslav Halchenko Fri, 19 Jan 2007 10:43:59 -0500 + fail2ban (0.7.6-2) unstable; urgency=low * iptables-multiport is default action to take since Debian kernel arrives diff --git a/debian/patches/00_iptables-mports.dpatch b/debian/patches/00_iptables-mports.dpatch index bb84a70e..35f22a6c 100755 --- a/debian/patches/00_iptables-mports.dpatch +++ b/debian/patches/00_iptables-mports.dpatch 
@@ -1,24 +1,24 @@ #! /bin/sh /usr/share/dpatch/dpatch-run -## 00_iptables-mports.dpatch by Yaroslav Halchenko +## 00_iptables_mports.dpatch by Yaroslav Halchenko ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: No description. @DPATCH@ -diff -urNad fail2ban-0.7.5~/config/action.d/iptables-multiport.conf fail2ban-0.7.5/config/action.d/iptables-multiport.conf ---- fail2ban-0.7.5~/config/action.d/iptables-multiport.conf 1969-12-31 19:00:00.000000000 -0500 -+++ fail2ban-0.7.5/config/action.d/iptables-multiport.conf 2007-01-04 12:28:46.000000000 -0500 +diff -urNad fail2ban-0.7.6~/config/action.d/iptables-multiport.conf fail2ban-0.7.6/config/action.d/iptables-multiport.conf +--- fail2ban-0.7.6~/config/action.d/iptables-multiport.conf 1969-12-31 19:00:00.000000000 -0500 ++++ fail2ban-0.7.6/config/action.d/iptables-multiport.conf 2007-01-19 10:40:54.000000000 -0500 @@ -0,0 +1,69 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# Modified by Yaroslav Halchenko for multiport banning -+# $Revision: 455 $ ++# $Revision: 520 $ +# + +[Definition] + -+# Option: fwstart ++# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# @@ -26,7 +26,7 @@ diff -urNad fail2ban-0.7.5~/config/action.d/iptables-multiport.conf fail2ban-0.7 + iptables -A fail2ban- -j RETURN + iptables -I INPUT -p -m multiport --dports -j fail2ban- + -+# Option: fwend ++# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# 
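Review bot: The header comment now names the patch `00_iptables_mports.dpatch`, but the file changed here is still `debian/patches/00_iptables-mports.dpatch`, so the comment and the filename disagree after this change. Keeping `## 00_iptables-mports.dpatch by Yaroslav Halchenko` restores the match; the alternative is renaming the file together with its entry in the dpatch list, which is not visible here. The `## DP: No description.` line is left untouched, here and in `00_iptables_NEW.dpatch`. Since both patches install firewall actions, a line such as `## DP: Add action.d/iptables-multiport.conf (ban on several ports via -m multiport)` would tell a reviewer what the patch installs without reading the embedded diff.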
@@ -34,13 +34,13 @@ diff -urNad fail2ban-0.7.5~/config/action.d/iptables-multiport.conf fail2ban-0.7 + iptables -F fail2ban- + iptables -X fail2ban- + -+# Option: fwcheck -+# Notes.: command executed once before each fwban command ++# Option: actioncheck ++# Notes.: command executed once before each actionban command +# Values: CMD +# -+actioncheck = iptables -L INPUT | grep -q fail2ban- ++actioncheck = iptables -n -L INPUT | grep -q fail2ban- + -+# Option: fwban ++# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: IP address @@ -50,7 +50,7 @@ diff -urNad fail2ban-0.7.5~/config/action.d/iptables-multiport.conf fail2ban-0.7 +# +actionban = iptables -I fail2ban- 1 -s -j DROP + -+# Option: fwunban ++# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: IP address diff --git a/debian/patches/00_iptables_NEW.dpatch b/debian/patches/00_iptables_NEW.dpatch index e5716b15..91d4d01c 100755 --- a/debian/patches/00_iptables_NEW.dpatch +++ b/debian/patches/00_iptables_NEW.dpatch 
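Review bot: The new `actioncheck` line in iptables-multiport.conf still ends in an unanchored `grep -q fail2ban-…`, so the check succeeds on any INPUT rule whose target merely begins with this jail's chain name. With two jails where one name is a prefix of the other (constructed example: `ssh` and `ssh-ddos`), the shorter jail's check passes on the other jail's jump rule even when its own jump is missing, and its bans would then go into a chain that INPUT does not reference. Assuming the usual `iptables -L` column layout, requiring the separator after the chain name closes that gap: `actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-NAME '`, with NAME standing for the jail-name tag that this rendering seems to have dropped. The same line appears in the iptables-new.conf hunk of `00_iptables_NEW.dpatch`, and the [Definition] section continues outside this hunk.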
@@ -5,22 +5,22 @@ ## DP: No description. @DPATCH@ -diff -urNad fail2ban-0.7.4~/config/action.d/iptables-new.conf fail2ban-0.7.4/config/action.d/iptables-new.conf ---- fail2ban-0.7.4~/config/action.d/iptables-new.conf 1969-12-31 19:00:00.000000000 -0500 -+++ fail2ban-0.7.4/config/action.d/iptables-new.conf 2006-11-10 18:01:27.000000000 -0500 -@@ -0,0 +1,72 @@ +diff -urNad fail2ban-0.7.6~/config/action.d/iptables-new.conf fail2ban-0.7.6/config/action.d/iptables-new.conf +--- fail2ban-0.7.6~/config/action.d/iptables-new.conf 1969-12-31 19:00:00.000000000 -0500 ++++ fail2ban-0.7.6/config/action.d/iptables-new.conf 2007-01-19 10:40:28.000000000 -0500 +@@ -0,0 +1,71 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# Copied from iptables.conf and modified by Yaroslav Halchenko +# to fullfill the needs of bugreporter dbts#350746. +# -+# $Revision: 394 $ ++# $Revision: 520 $ +# + +[Definition] + -+# Option: fwstart ++# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# @@ -28,7 +28,7 @@ diff -urNad fail2ban-0.7.4~/config/action.d/iptables-new.conf fail2ban-0.7.4/con + iptables -A fail2ban- -j RETURN + iptables -I INPUT -m state --state NEW -p --dport -j fail2ban- + -+# Option: fwend ++# Option: actionend +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# 
@@ -36,29 +36,28 @@ diff -urNad fail2ban-0.7.4~/config/action.d/iptables-new.conf fail2ban-0.7.4/con + iptables -F fail2ban- + iptables -X fail2ban- + -+# Option: fwcheck -+# Notes.: command executed once before each fwban command ++# Option: actioncheck ++# Notes.: command executed once before each actionban command +# Values: CMD +# -+actioncheck = iptables -L INPUT | grep -q fail2ban- ++actioncheck = iptables -n -L INPUT | grep -q fail2ban- + -+# Option: fwban ++# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: IP address +# number of failures -+# unix timestamp of the last failure -+# unix timestamp of the ban time ++#